IPSec-ESP: Encapsulating Security Payload for IP Security Suite

GENERAL DESCRIPTION

LancsNet IPsec-ESP Engine is designed to provide hardware acceleration of the ESP packet processing required to implement in IPSec compliant devices. The design offers straightforward for offloading ESP packet processing to hardware up to 25.6 Gbps while high-level protocols such as connection establishment/management, SA, Key exchange are run on embedded CPU. The core follows strictly recommendations from IETF RFC 4303/RFC 4301 and has been extensively tested in association with our products.

IPSec
KEY FEATURES

Features

          • IPSec Bandwith up to 25.6 Gbps**
          • Support IETF RFC 4303/RFC 4301
          • AXI-Stream compatible
          • Supports all three ESP security service types: Confidentiality only, Integrity only, Confidentiality and Integrity
          • Support IPv4 or IPv6 applications
          • IPsec ESP Transport or Tunnel mode operation
          • Support for combined mode algorithms: AES-CCM (RFC 4309) and AES-GCM (RFC 5288)
          • Automatic ESP padding generation and checking.
          • Supports Traffic Flow Confidentiality padding generation.
          • Extended Sequence Number support for IKEv2 (RFC 5996) compatibility

** IPsec-ESP with fully-pipelined AES-GCM on Virtex7 XC7VX550T

Configurability

        • Tunable pipeline stages
        • May be supplied with any combination of ESP encryption and authentication algorithms.
        • Selectable ESP security services: Confidentiality only, Integrity only, Confidentiality and Integrity
        • Bandwidth adjustable (for tradeoff in the area)

Technology Agnostic

        • VHDL source code available, designed and tested for FPGA* and ASIC

* In production with customers

Example Implementation – LancsNet IPSec-ESP Engine

Family Part

Fmax

(MHz)

LUT LUTRAM FF BRAM DSP IP Config
Artix7 XC7A200T 125.9 17K 1 6K 9 0 IPSec tunnel mode, AES-GCM 128, 14 round
Kintex7 XC7K325T 178.6 17K 1 6K 9 0 IPSec tunnel mode, AES-GCM 128, 14 round
Virtex7 XC7VX550T 201.7 17K 1 6K 9 0 IPSec tunnel mode, AES-GCM 128, 14 round
Artix7 XC7A200T 125.9 19K 1 7K 9 0 IPSec tunnel mode, AES-GCM 192, 14 round
Kintex7 XC7K325T 178.6 19K 1 7K 9 0 IPSec tunnel mode, AES-GCM 192, 14 round
Virtex7 XC7VX550T 201.7 19K 1 7K 9 0 IPSec tunnel mode, AES-GCM 192, 14 round
Artix7 XC7A200T 125.9 20K 2 8K 9 0 IPSec tunnel mode, AES-GCM 256, 14 round
Kintex7 XC7K325T 178.6 20K 2 8K 9 0 IPSec tunnel mode, AES-GCM 256, 14 round
Virtex7 XC7VX550T 201.7 20K 2 8K 9 0 IPSec tunnel mode, AES-GCM 256, 14 round

    APPLICATIONS

    IPsec hardware accelerators, security gateway, cloud computing, data center, edge router, edge networking for IoT data aggregation.

     An example application of the IPSec-ESP IP adopted for datacenter acceleration using SmartNIC

    ipsec app
    DELIVERABLES

    The IP core and the simulation testbench are provided with extensive documentation and technical support from our technical teams. By default, the encrypted format IP core is provided, full source code is available for interested partners/developers under a specific agreement

    FOR DEMO ON HARDWARE AND SIMULATION
    PRICING AND FURTHER INFORMATION

    Request for quote & datasheet at sales@lancsnet.com